My thoughts on Slackware, life and everything

Chromium security updates (and fix for 32-bit crash)

I have updated the ‘chromium‘, ‘chromium-ungoogled‘ and ‘chromium-widevine-plugin‘ packages in my repository.

For Chromium (-ungoogled) these are security updates. The new 89.0.4389.90 release addresses several critical vulnerabilities (it’s the third release in the 89 series in rapid succession actually, to fix critical bugs) but in particular it plugs a zero-day exploit that exists in the wild: CVE-2021-21193. You are urged to update your installation of Chromium (-ungoogled) ASAP.

I made chromium-ungoogled also available for Slackware 14.2, I hope that makes some people happy.

Since I had to build packages anyway, I took the opportunity to apply a patch that fixes the crashes on 32-bit systems with glibc-2.33 installed (i.e. on Slackware-current).
In that same chromium-distro-packagers group that is the home of the discussion about Google’s decision to cripple 3rd-party Chromium browsers, I had asked the Chromium team to address the crash Slackware users are experiencing. Google is no longer offering 32-bit binaries which means, issues like these are not likely to be caught in their own tests, but they are listening to the packagers who do build 32-bit binaries. Luckily. And the fix took a while to actually get implemented, but in the end it all worked out. I assume that the patch will end up in the Chromium source code after it passes the internal review process.

The Widevine plugin package for which I provided an update, is meant for chromium-ungoogled only. The ‘real’ Chromium does not need or use it, since Chromium downloads this CDM library automatically for you. The change to the package is small: it adds a compatibility symlink. That is not needed for chromium-ungoogled itself, but I was alerted to the fact that Spotify specifically looks for ‘libwidevinecdm.so’ in the toplevel Chromium library directory. The update takes care of that.

Also, this was the last package which i compiled for Chromium that contains my Google API Key as well as the OAuth client/secret credentials. I noticed that Chromium still works as before, even now after the 15 March deadline has passed, but future builds of my package will only contain my API key. That will leave the Safe Browsing functional, but it removes the Chrome Sync and other features. If you still want Chrome Sync to work with Chromium, I just want to point you to “/etc/chromium/01-apikeys.conf” in my future packages and get inspired by its content.

Have fun!
Eric

17 Comments

  1. gegechris99

    Thank you for the timely security update of Chromium-ungoogled.

  2. Dariusz Brzezinski

    Hi Eric,

    Thank you for your hard work. I noticed that the Widevine plug-in package still requires chrome (“slack-required” file). As you said, it “is meant for chromium-ungoogled only. The β€˜real’ Chromium does not need or use it…”. Shouldn’t “slack-required” be updated accordingly in this case?

  3. f6k

    Thank you very much AlienBob πŸ™‚

  4. KG Hammarlund

    While the latest chromium-ungoogled upgrade runs without flaws on my 64bit -current system, I’ve run into chromium problems on my old asus eee with slackware-14.2 32bit.
    I decided to replace chromium-88.0.4324.182 with the latest chromium-ungoogled (89.0.4389.90). After removing chromium and installing chromium-ungoogled it wouldn’t start. Trying to run from terminal gave me a message that libxkbcommon was missing. After installing that package and trying again, I got “Illegal instruction” from the terminal.
    Uninstalled chromium-ungoogled, reinstalled my old chromium package, chromium runs again.

    • alienbob

      You could also install libxkbcommon, libinput and libwacom from my 14.2 repository. That makes this package work on 14.2. I need to work out how to build the package properly on a clean Slackware 14.2 still.

  5. KG Hammarlund

    I installed the three packages you mentioned, but no difference, sadly. Still get that “Illegal instruction” error πŸ™

  6. KG Hammarlund

    Eric, noted your comment in another post that you consider giving up 32bit Chromium. In that case I think you’re more than excused. The neverending changes to the chrome sources must be tiresome. Guess we’ll se more 32bit programs abandoned in the future.
    I’ll keep your old chromium-88 package as a fallback.

    • alienbob

      I think if I ever stop upgrading Chromium or other big packages, I will keep a “last version” in the repository anyway.

  7. KG Hammarlund

    On my 14.2 32 bit install, the “illegal instruction” error persists when trying yesterday’s version. Either something is amiss with my install (but then, why does your chromium-88 package run without issues?) or it’s really the death knell for chrome-based browsers on 32 bit systems.

    • alienbob

      It starts properly inside my 32-bit QEMU VM which is the only 32bit system I can produce. No idea what happens on your machine, have you tried a fresh user account to see whether it’s something inside your profile that causes the crashes?

      • KG Hammarlund

        Thanks for your efforts. I finally discovered that it’s hardware-related. Chrome-89 and onwards requires sse3, and theold pentium cpu in my old Asus eee only supports sse2.

  8. Eduard

    Feeling I feel a bit sad … with my very old Pentium III laptop, which had still just Win XP installed. πŸ™
    This week, after many years, I decided to give Linux a try on this old machine.

    I decided to choose Slackware, because of it’s very stable but still maintained older Linux releases – perfectly fitting such old hardware.

    So I burned a dvd-rom from the 14.2 iso from Internet (never burned a disk for many years, LOL). Managed get a dvd-writer working in another machine.
    Eventually installed the entire thing on the old machine in a dual-boot config using Lilo.
    Then, after succesfully setting up a network connection, I decided to upgraded all packages to te latest version.
    But, sadly, the upgrade of Firefox from 42 ESR to 68 ESR turned to make the browser non-functional on this CPU and I had to downgrade it back to the old version from the cd. So a safe updated Firefox turned out to be no option. πŸ™

    After reading tips from the internet to install Chrome/Chromium, I decided to go for Chromium today.
    Since it’s an “alien” package in Slackware jargon, I had to install it manually.

    Apparently I am to late … πŸ˜›
    (Konqueror works, but I don’t know how safe and updated it is)

    • KG Hammarlund

      From what I’ve been able to find on google, the Pentium III processor supports sse but not sse2 (or sse3, of course). You can check by running
      cat /proc/cpuinfo
      in a terminal window and see if you can find sse2 in the flags output.
      If no sse2, you’ll probably be stuck with older browser versions. If no sse3, chromium versions from 89 and upwards won’t work.

      • Eduard

        bash-4.3$ cat /proc/cpuinfo | grep -i flags
        flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pse36 mmx fxsr sse

        Hi KG Hammarlund,

        Se the above result. So just “SSE”. I also googled around (of course) and came to the same conclusions.

        Actually it’s amazing that this twenty years old laptop still works! And it’s all just for fun.
        Even loading this website is a serious job for it. πŸ˜›

        Just running mozilla-firefox-45.2.0esr now and even though it’s definitely not the latest version and may have some security issues, I’m not planning to do extensive web browsing on this machine, just necessary actions. πŸ˜›
        This Firefox version still scores 444 out of 555 points on https://html5test.com, while Konqueror (which is of version 4.14) scores only 79 out of 555.
        Maybe I can still search for an a bit newer Chromium that is not version 89, but for what it’s worth.

        Slackware 14.2 itself more or less works and that’s already fun.

        • KG Hammarlund

          What about Seamonkey? According to Semonkey’s own “system requirements”,the Linux build requires at least a pentium2 processor, so pentium III ought to be OK. There was a new version (2.53.7) added to the 14.2 repo yesterday. Have you tried that one?

          • Eduard

            Nope, same problem, “Illegal instruction”. Already tried it.

            And I was not surprised too though, since SeaMonkey has the same roots and also runs on Gecko.

            Eduard

  9. Stefan

    Hi Eric. Thank you for your work. How did you manage to get rid of libstdc ++. So.6? use_custom_libcxx=true disables libatomic. libstdc ++. so.6 remains so. I’m trying to make my own assembly.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Alien Pastures

Theme by Anders NorenUp ↑